OLD | NEW |
---|---|
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/renderer/webcrypto_impl.h" | 5 #include "content/renderer/webcrypto_impl.h" |
6 | 6 |
7 #include <pk11pub.h> | |
7 #include <sechash.h> | 8 #include <sechash.h> |
8 | 9 |
9 #include "base/logging.h" | 10 #include "base/logging.h" |
10 #include "crypto/nss_util.h" | 11 #include "crypto/nss_util.h" |
12 #include "crypto/scoped_nss_types.h" | |
11 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" | 13 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" |
12 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" | 14 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" |
15 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | |
13 | 16 |
14 namespace content { | 17 namespace content { |
15 | 18 |
16 bool WebCryptoImpl::digestInternal( | 19 namespace { |
20 | |
21 class WebCryptoSymKeyHandle : public WebKit::WebCryptoKeyHandle { | |
22 public: | |
23 explicit WebCryptoSymKeyHandle(CK_MECHANISM_TYPE mechanism) | |
24 : mechanism_(mechanism) { | |
25 } | |
26 | |
27 bool Initialize() { | |
28 slot_.reset(PK11_GetInternalSlot()); | |
29 return slot_.get(); | |
30 } | |
31 | |
32 void set_key(crypto::ScopedPK11SymKey key) { | |
33 DCHECK(!key_.get()); | |
34 key_ = key.Pass(); | |
35 } | |
36 | |
37 const CK_MECHANISM_TYPE mechanism() const { return mechanism_; } | |
38 PK11SlotInfo* slot() { return slot_.get(); } | |
39 PK11SymKey* key() { return key_.get(); } | |
40 | |
41 private: | |
42 CK_MECHANISM_TYPE mechanism_; | |
43 crypto::ScopedPK11Slot slot_; | |
44 crypto::ScopedPK11SymKey key_; | |
45 | |
46 DISALLOW_COPY_AND_ASSIGN(WebCryptoSymKeyHandle); | |
47 }; | |
48 | |
49 CK_FLAGS WebCryptoKeyUsageMaskToNSSFlags( | |
50 WebKit::WebCryptoKeyUsageMask mask) { | |
51 return ((mask & WebKit::WebCryptoKeyUsageEncrypt) ? CKF_ENCRYPT : 0) | | |
52 ((mask & WebKit::WebCryptoKeyUsageDecrypt) ? CKF_DECRYPT : 0) | | |
53 ((mask & WebKit::WebCryptoKeyUsageSign) ? CKF_SIGN : 0) | | |
54 ((mask & WebKit::WebCryptoKeyUsageVerify) ? CKF_VERIFY : 0) | | |
55 ((mask & WebKit::WebCryptoKeyUsageDeriveKey) ? CKF_DERIVE : 0) | | |
56 ((mask & WebKit::WebCryptoKeyUsageWrapKey) ? CKF_WRAP : 0) | | |
57 ((mask & WebKit::WebCryptoKeyUsageUnwrapKey) ? CKF_UNWRAP : 0); | |
Ryan Sleevi
2013/09/10 19:25:54
DESIGN: On second thought, we should be tracking t
Bryan Eyler
2013/09/10 21:21:56
Added a base class for the usages, as I believe th
| |
58 } | |
59 | |
60 HASH_HashType WebCryptoAlgorithmToNSSHashType( | |
61 const WebKit::WebCryptoAlgorithm& algorithm) { | |
62 switch (algorithm.id()) { | |
63 case WebKit::WebCryptoAlgorithmIdSha1: | |
64 return HASH_AlgSHA1; | |
65 case WebKit::WebCryptoAlgorithmIdSha224: | |
66 return HASH_AlgSHA224; | |
67 case WebKit::WebCryptoAlgorithmIdSha256: | |
68 return HASH_AlgSHA256; | |
69 case WebKit::WebCryptoAlgorithmIdSha384: | |
70 return HASH_AlgSHA384; | |
71 case WebKit::WebCryptoAlgorithmIdSha512: | |
72 return HASH_AlgSHA512; | |
73 default: | |
74 // Not a digest algorithm. | |
75 return HASH_AlgNULL; | |
76 } | |
77 } | |
78 | |
79 CK_MECHANISM_TYPE WebCryptoAlgorithmToNSSMechanism( | |
Ryan Sleevi
2013/09/10 19:25:54
STYLE: I feel like this method should be renamed,
Bryan Eyler
2013/09/10 21:21:56
Renamed to WebCryptoAlgorithmToHMACMechanism.
| |
80 const WebKit::WebCryptoAlgorithm& algorithm) { | |
81 switch (algorithm.id()) { | |
82 case WebKit::WebCryptoAlgorithmIdSha1: | |
83 return CKM_SHA_1_HMAC; | |
84 case WebKit::WebCryptoAlgorithmIdSha256: | |
85 return CKM_SHA256_HMAC; | |
86 default: | |
87 // Not a supported algorithm. | |
88 return CKM_INVALID_MECHANISM; | |
89 } | |
90 } | |
91 | |
92 } // namespace | |
93 | |
94 bool WebCryptoImpl::DigestInternal( | |
17 const WebKit::WebCryptoAlgorithm& algorithm, | 95 const WebKit::WebCryptoAlgorithm& algorithm, |
18 const unsigned char* data, | 96 const unsigned char* data, |
19 size_t data_size, | 97 unsigned int data_size, |
20 WebKit::WebArrayBuffer* buffer) { | 98 WebKit::WebArrayBuffer* buffer) { |
21 HASH_HashType hash_type = HASH_AlgNULL; | 99 HASH_HashType hash_type = WebCryptoAlgorithmToNSSHashType(algorithm); |
22 | 100 if (hash_type == HASH_AlgNULL) { |
23 switch (algorithm.id()) { | 101 return false; |
24 case WebKit::WebCryptoAlgorithmIdSha1: | |
25 hash_type = HASH_AlgSHA1; | |
26 break; | |
27 case WebKit::WebCryptoAlgorithmIdSha224: | |
28 hash_type = HASH_AlgSHA224; | |
29 break; | |
30 case WebKit::WebCryptoAlgorithmIdSha256: | |
31 hash_type = HASH_AlgSHA256; | |
32 break; | |
33 case WebKit::WebCryptoAlgorithmIdSha384: | |
34 hash_type = HASH_AlgSHA384; | |
35 break; | |
36 case WebKit::WebCryptoAlgorithmIdSha512: | |
37 hash_type = HASH_AlgSHA512; | |
38 break; | |
39 default: | |
40 // Not a digest algorithm. | |
41 return false; | |
42 } | 102 } |
43 | 103 |
44 crypto::EnsureNSSInit(); | 104 crypto::EnsureNSSInit(); |
45 | 105 |
46 HASHContext* context = HASH_Create(hash_type); | 106 HASHContext* context = HASH_Create(hash_type); |
47 if (!context) { | 107 if (!context) { |
48 return false; | 108 return false; |
49 } | 109 } |
50 | 110 |
51 HASH_Begin(context); | 111 HASH_Begin(context); |
52 | 112 |
53 HASH_Update(context, data, data_size); | 113 HASH_Update(context, data, data_size); |
54 | 114 |
55 size_t hash_result_length = HASH_ResultLenContext(context); | 115 size_t hash_result_length = HASH_ResultLenContext(context); |
56 DCHECK_LE(hash_result_length, static_cast<size_t>(HASH_LENGTH_MAX)); | 116 DCHECK_LE(hash_result_length, static_cast<size_t>(HASH_LENGTH_MAX)); |
57 | 117 |
58 *buffer = WebKit::WebArrayBuffer::create(hash_result_length, 1); | 118 *buffer = WebKit::WebArrayBuffer::create(hash_result_length, 1); |
59 | 119 |
60 unsigned char* digest = reinterpret_cast<unsigned char*>(buffer->data()); | 120 unsigned char* digest = reinterpret_cast<unsigned char*>(buffer->data()); |
61 | 121 |
62 uint32 result_length = 0; | 122 uint32 result_length = 0; |
63 HASH_End(context, digest, &result_length, hash_result_length); | 123 HASH_End(context, digest, &result_length, hash_result_length); |
Ryan Sleevi
2013/09/10 19:25:54
BUG: 1) result_length should be unsigned int, not
Bryan Eyler
2013/09/10 21:21:56
These were both requests from James; I have made t
Ryan Sleevi
2013/09/10 21:25:41
This is absolutely a security bug when the sizeof'
| |
64 | 124 |
65 HASH_Destroy(context); | 125 HASH_Destroy(context); |
66 | 126 |
67 return result_length == hash_result_length; | 127 return result_length == hash_result_length; |
68 } | 128 } |
69 | 129 |
130 bool WebCryptoImpl::ImportKeyInternal( | |
131 WebKit::WebCryptoKeyFormat format, | |
132 const unsigned char* key_data, | |
133 unsigned int key_data_size, | |
134 const WebKit::WebCryptoAlgorithm& algorithm, | |
135 WebKit::WebCryptoKeyUsageMask usage_mask, | |
136 scoped_ptr<WebKit::WebCryptoKeyHandle>* handle, | |
137 WebKit::WebCryptoKeyType* type) { | |
138 switch (algorithm.id()) { | |
139 case WebKit::WebCryptoAlgorithmIdHmac: | |
140 *type = WebKit::WebCryptoKeyTypeSecret; | |
141 break; | |
142 // TODO(bryaneyler): Support more key types. | |
143 default: | |
144 return false; | |
145 } | |
146 | |
147 // TODO(bryaneyler): Need to split handling for symmetric and asymmetric keys. | |
148 // Currently only supporting symmetric. | |
149 scoped_ptr<WebCryptoSymKeyHandle> sym_key; | |
150 | |
151 switch(algorithm.id()) { | |
152 case WebKit::WebCryptoAlgorithmIdHmac: { | |
153 const WebKit::WebCryptoHmacParams* params = algorithm.hmacParams(); | |
154 if (!params) { | |
155 return false; | |
156 } | |
157 | |
158 CK_MECHANISM_TYPE mechanism = | |
159 WebCryptoAlgorithmToNSSMechanism(params->hash()); | |
160 if (mechanism == CKM_INVALID_MECHANISM) { | |
161 return false; | |
162 } | |
163 | |
164 sym_key.reset(new WebCryptoSymKeyHandle(mechanism)); | |
165 | |
166 if (!sym_key->Initialize()) { | |
167 return false; | |
168 } | |
169 | |
170 break; | |
171 } | |
172 default: | |
173 return false; | |
174 } | |
175 | |
176 SECItem key_item = { siBuffer, NULL, 0 }; | |
177 | |
178 switch (format) { | |
179 case WebKit::WebCryptoKeyFormatRaw: | |
180 key_item.data = const_cast<unsigned char*>(key_data); | |
181 key_item.len = key_data_size; | |
182 break; | |
183 // TODO(bryaneyler): Handle additional formats. | |
184 default: | |
185 return false; | |
186 } | |
187 | |
188 crypto::ScopedPK11SymKey pk11_sym_key( | |
189 PK11_ImportSymKeyWithFlags(sym_key->slot(), | |
190 sym_key->mechanism(), | |
191 PK11_OriginUnwrap, | |
192 CKA_FLAGS_ONLY, | |
193 &key_item, | |
194 WebCryptoKeyUsageMaskToNSSFlags(usage_mask), | |
195 false, | |
196 NULL)); | |
197 sym_key->set_key(pk11_sym_key.Pass()); | |
198 if (!sym_key->key()) { | |
199 NOTREACHED(); | |
200 return false; | |
201 } | |
202 | |
203 *handle = sym_key.Pass(); | |
204 | |
205 return true; | |
206 } | |
207 | |
208 bool WebCryptoImpl::SignInternal( | |
209 const WebKit::WebCryptoAlgorithm& algorithm, | |
210 const WebKit::WebCryptoKeyHandle* key, | |
211 const unsigned char* data, | |
212 unsigned int data_size, | |
213 WebKit::WebArrayBuffer* buffer) { | |
214 WebKit::WebArrayBuffer result; | |
215 | |
216 switch (algorithm.id()) { | |
217 case WebKit::WebCryptoAlgorithmIdHmac: { | |
218 const WebKit::WebCryptoHmacParams* params = algorithm.hmacParams(); | |
219 if (!params) { | |
220 return false; | |
221 } | |
222 | |
223 WebCryptoSymKeyHandle* sym_key = | |
224 const_cast<WebCryptoSymKeyHandle*>( | |
225 reinterpret_cast<const WebCryptoSymKeyHandle*>(key)); | |
226 | |
227 DCHECK_EQ(sym_key->mechanism(), | |
228 WebCryptoAlgorithmToNSSMechanism(params->hash())); | |
Ryan Sleevi
2013/09/10 19:25:54
Why is this DCHECK still needed? You're no longer
Bryan Eyler
2013/09/10 21:21:56
Sign is provided with the hash algorithm, so I fig
| |
229 | |
230 SECItem param_item = { siBuffer, NULL, 0 }; | |
231 SECItem data_item = { | |
232 siBuffer, | |
233 const_cast<unsigned char*>(data), | |
234 data_size | |
235 }; | |
236 // First call is to figure out the length. | |
237 SECItem signature_item = { siBuffer, NULL, 0 }; | |
238 | |
239 if (PK11_SignWithSymKey(sym_key->key(), | |
240 sym_key->mechanism(), | |
241 ¶m_item, | |
242 &signature_item, | |
243 &data_item) != SECSuccess) { | |
244 NOTREACHED(); | |
245 return false; | |
246 } | |
247 | |
248 DCHECK_LT(0u, signature_item.len); | |
249 | |
250 result = WebKit::WebArrayBuffer::create(signature_item.len, 1); | |
251 signature_item.data = reinterpret_cast<unsigned char*>(result.data()); | |
252 | |
253 if (PK11_SignWithSymKey(sym_key->key(), | |
254 sym_key->mechanism(), | |
255 ¶m_item, | |
256 &signature_item, | |
257 &data_item) != SECSuccess) { | |
258 NOTREACHED(); | |
259 return false; | |
260 } | |
261 | |
Ryan Sleevi
2013/09/10 01:22:36
BUG: You need to update the length of |result| to
Bryan Eyler
2013/09/10 21:21:56
Sorry, I'm not exactly sure what you're looking fo
Ryan Sleevi
2013/09/10 21:25:41
PK11_SignWithSymKey will update signature_item.len
Bryan Eyler
2013/09/10 22:45:34
It doesn't look like there's a way to update the l
| |
262 break; | |
263 } | |
264 default: | |
265 return false; | |
266 } | |
267 | |
268 *buffer = result; | |
269 return true; | |
270 } | |
271 | |
70 } // namespace content | 272 } // namespace content |
OLD | NEW |